Proton Mail Introduces Optional Quantum‑Safe Encryption for All Users
What Happened — Proton Mail has launched an optional post‑quantum cryptography (PQC) feature that generates new encryption keys designed to resist future quantum computer attacks. The feature is available on every plan, including the free tier, but requires the latest Proton apps. Encrypted forwarding is temporarily disabled while PQC is active, and existing mailbox content is not retroactively re‑encrypted.
Why It Matters for TPRM —
- Quantum‑safe encryption changes the cryptographic baseline for email services, affecting downstream integrations and data‑in‑transit risk assessments.
- Vendors that rely on Proton Mail for secure communications must verify compatibility and performance impacts on client devices.
- The rollout signals a broader industry shift toward post‑quantum readiness, prompting third‑party risk programs to update evaluation criteria.
Who Is Affected — Email service providers, SaaS platforms that embed email functionality, enterprises using Proton Mail for secure communications, and any third‑party applications that exchange encrypted email with Proton users.
Recommended Actions —
- Review your organization’s email security policies to include post‑quantum considerations.
- Validate that any integrated tools (e.g., CRM, ticketing) support Proton’s new PQC keys or have a migration path.
- Conduct performance testing on client devices to gauge the reported minor slowdown.
- Track Proton’s roadmap for broader ecosystem support (e.g., Thunderbird) and adjust vendor assessments accordingly.
Technical Notes — The feature creates fresh encryption keys based on emerging PQC algorithms and adds support for OpenPGP v6. It does not re‑encrypt existing messages, and encrypted forwarding is paused while PQC is enabled. Users must upgrade to the latest Proton Mail apps; older versions lack the necessary key handling.
Source: Help Net Security